On Mon, Jan 24, 2022 at 04:33:10PM +0100, Claudio Jeker wrote:
> This diff does a few things regarding MFT file and hash sequences:
>
> - it validates the filename early on so that if considered valid it can
> be printed by printf(%s) without problems.
> - it assigns the file type (based on the file extension) early on and no
> longer uses this information when comparing the file hash.
> - Handle unknown files more like a soft error, the file hash still needs
> to match but the content is totally ignored.
>
> In other words it no longer rejects MFTs with unknown files in it.
> Right now rpki-client is very strict in what is accepted and it will
> become an issue when ASPA is becoming more concrete.
Makes sense to me.
ok
One small suggestion below.
> Index: mft.c
> ===================================================================
[...]
> }
> + if (!valid_filename(file->value.ia5string->data,
> + file->value.ia5string->length)) {
> + warnx("%s: RFC 6486 section 4.2.2: bad filename", p->fn);
> + goto out;
> + }
> fn = strndup((const char *)file->value.ia5string->data,
> file->value.ia5string->length);
> if (fn == NULL)
> err(1, NULL);
>
> - if ((type = rtype_from_mftfile(fn)) == RTYPE_INVALID) {
> - warnx("%s: invalid filename: %s", p->fn, fn);
> - goto out;
> - }
> + type = rtype_from_mftfile(fn);
Now that we no longer check the return value, I would remove 'type'
from mft_parse_filehash() and assign the rtype directly to fent->type
a few lines down:
	fent->file = fn;
	fent->type = rtype_from_mftfile(fn);
	fn = NULL;
>
> /* Now hash value. */
>
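Review bot: The unchecked `type = rtype_from_mftfile(fn);` means RTYPE_INVALID is now an accepted value at this point instead of an error path, and nothing in the hunk says so. A short comment above the assignment would help, stating that an unknown extension is deliberately tolerated and that the entry's hash must still match while its content is ignored. Without it, a later reader could take the missing check for an oversight and restore the `goto out`. The new `valid_filename()` warning also drops the offending name that the removed warnx printed. If that is intentional because the string is not yet known to be safe for `%s`, a brief comment there would record the reason.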